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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address -- 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )^ Responsive to communication(s) filed on 03 January 2002 . 
2a)D This action is FINAL. 2b)^ This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) Q Claim(s) is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) 0 Claim(s) - is/are allowed. 

6) £3 Claim(s) 1-21 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10)^ The drawing(s) filed on 16 August 2001 is/are: a)E3 accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
1 1 )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-1 52. 

Priority under 35 U.S.C. § 119 

12)D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2.D Certified copies of the priority documents have been received in Application No. . 



3.D Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 



Attach ment(s) 

1 ) Notice of References Cited (PTO-892) 4) O Interview Summary (PTO-413) 

2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948) Pa P er No(s)/Mail Date. . 

3) ^ Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08) 5 > d Notice of Informal Patent Application (PTO-152) 

Paper No(s)/Mail Date 3. 6) □ Other: . 
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DETAILED ACTION 



Priority 



1 . No claim for priority has been made in this application. 

2. The effective filing date for the subject matter defined in the pending claims in 
this application is 08/16/2001 . 



(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed in the 
United States before the invention by the applicant for patent or (2) a patent granted on an application for patent by 
another filed in the United States before the invention by the applicant for patent, except that an international 
application filed under the treaty defined in section 351(a) shall have the effects for purposes of this subsection of an 
application filed in the United States only if the international application designated the United States and was 
published under Article 21(2) of such treaty in the English language. 



3. Claims 1 - 21 are rejected under 35 U.S.C. 102(e) as being anticipated by Molini 
(Patent Number: US 6353385 B1 ), hereinafter referred to as Molini. 

4. As per claim 1, 8 and 15, Molini teaches a method in a data processing system 
for reporting security situations, comprising the steps of: 

5. logging events by storing event attributes as an event set, wherein each event 
set includes a source attribute, a target attribute and an event category attribute (Molini, 
see example, Column 5 Line 1 - 10, Column 7 Line 5-6 and Column 9 Line 24 - 29); 

6. classifying events as groups by aggregating events with at least one attribute 
within the event set as an identical value (Molini, see example, Column 8 Line 25 - 37, 
Column 7 Line 19-20, Column 6 Line 49 - 51 and Column 9 Line 30 - 35); and 



Claim Rejections - 35 USC § 102 
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7. calculating severity levels for the groups (Molini, see example, Column Line 33); 

8. reporting a group from the groups to a user as a situation, if a severity level of the 
group exceeds a threshold value (Molini, see example, Column 7 Line 50 - 55 and 
Figure 1 Element 30 and 35). 

9. As per claim 2, 9 and 16, Molini as modified teaches the claimed invention as 
described above (see claim 1, 8 and 15 respectively). Molini as modified further 
teaches the severity levels are calculated based on at least one of the number of event 
sets within each of the groups, the source attribute of the event sets within each of the 
groups, the target attribute of the event sets within each of the groups, and the event 
category attribute of the event sets within each of the groups (Molini, see example, 
Column 7 Line 27 - 40 and Column 8 Line 48 - 55). 

10. As per claim 3, 10 and 17, Molini as modified teaches the claimed invention as 
described above (see claim 1, 8 and 15 respectively). Molini as modified further 
teaches the events include at least one of a web server event, an electronic mail event, 
a Trojan horse, denial of service, a virus, a network event, an authentication failure, and 
an access violation (Molini, see example, Column 1 Line 60 - 62 and Column 3 Line 36 
-38). 

11. As per claim 4, 1 1 and 1 8, Molini as modified teaches the claimed invention as 
described above (see claim 1 , 8 and 15 respectively). Molini as modified further 
teaches calculating the threshold value based on at least one of the source attribute of 
the event sets within the group, the target attribute of the event sets within the group, 
the event category attribute in each event set of the group, and the number of attributes 
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in each event set of the group that are held constant across all of the event sets in the 
group (Molini, see example, Column 7 Line 50 - 63 and Column 8 Line 48 - 55). 

12. As per claim 5, 12 and 19, Molini as modified teaches the claimed invention as 
described above (see claim 1, 8 and 15 respectively). Molini as modified further 
teaches the target attribute represents one of a computer and a collection of computers 
(Molini, see example, Column 1 Line 29 - 35). 

13. As per claim 6, 13 and 20, Molini as modified teaches the claimed invention as 
described above (see claim 1,8 and 15 respectively). Molini as modified further 
teaches the source attribute represents one of a computer and a collection of computers 
(Molini, see example, Column 1 Line 29 - 35). 

14. As per claim 7, 14 and 21 , Molini as modified teaches the claimed invention as 
described above (see claim 1, 8 and 15 respectively). Molini as modified further 
teaches aggregating a subset of the groups into a combined group (Molini, see 
example, Column 9 Line 30 - 32). 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Longbit Chai whose telephone number is 703-305-0710. 
The examiner can normally be reached on Monday-Friday 8:00am-5:00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R Sheikh can be reached on 703-305-9648. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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